Documentation
Index
- Variables
- func IsPathWithinAllowedDirectories(path string, allowedDirs []string) bool
- func ValidateFinalPath(path string, allowedDirs []string) (string, error)
- func ValidateFinalPathForCreation(path string, allowedDirs []string) (string, error)
- func ValidateNoSymlinksInPath(path string, allowedDirs []string) error
- func ValidatePath(path string, allowedDirs []string) (string, error)
- func ValidatePathForCreation(path string, allowedDirs []string) (string, error)
- func ValidatePathForCreationWithResolved(path string, allowedDirs []string, resolvedAllowed []string) (string, error)
- func ValidatePathWithResolved(path string, allowedDirs []string, resolvedAllowed []string) (string, error)
Constants
This section is empty.
Variables

    var (
        ErrAccessDenied           = errors.New("access denied")
        ErrPathOutsideAllowed     = errors.New("path is outside allowed directories")
        ErrSymlinkOutside         = errors.New("symlink target is outside allowed directories")
        ErrSymlinkOperationDenied = errors.New("operation denied: path is a symlink")
        ErrNullByte               = errors.New("path contains null byte")
        ErrEmptyPath              = errors.New("path is empty")
        ErrNoValidAncestor        = errors.New("no valid ancestor found within allowed directories")
    )

Sentinel errors for path validation.
Functions
func IsPathWithinAllowedDirectories
IsPathWithinAllowedDirectories checks if a path is within any of the allowed directories.
func ValidateFinalPath
ValidateFinalPath validates an existing path and rejects symlinks. It returns the resolved absolute path if valid.
func ValidateFinalPathForCreation
ValidateFinalPathForCreation validates a path for creation and rejects symlink destinations. It returns the resolved absolute path if valid.
func ValidateNoSymlinksInPath
ValidateNoSymlinksInPath walks each segment of the path starting from the allowed root and verifies that no component is a symlink. Returns nil if all components are regular directories (or don't exist). This prevents symlink TOCTOU attacks during directory creation or file operations.
func ValidatePath
ValidatePath validates that a path is within allowed directories and safe to access. It returns the resolved absolute path if valid.
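An added example, not this package's own code: a self-contained sketch of the kind of check ValidatePath describes (resolve symlinks, then test containment), run against a constructed temp tree holding a sibling directory that shares the allowed root's name prefix and a symlink that leads out of the root. The names `within`, `checkPath`, `demo` and `errOutside` are hypothetical.

```go
package main
import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)
var errOutside = errors.New("outside allowed directories") // hypothetical sentinel

// within compares whole path segments, so /srv/data-old is not inside /srv/data.
func within(path, dir string) bool {
	rel, err := filepath.Rel(dir, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// checkPath resolves symlinks in the path and in each allowed root, then tests containment.
func checkPath(path string, allowedDirs []string) (string, error) {
	if path == "" || strings.ContainsRune(path, 0) {
		return "", errors.New("empty path or null byte")
	}
	abs, err := filepath.Abs(path)
	if err == nil {
		abs, err = filepath.EvalSymlinks(abs)
	}
	if err != nil {
		return "", err
	}
	for _, dir := range allowedDirs {
		if root, err := filepath.EvalSymlinks(dir); err == nil && within(abs, root) {
			return abs, nil
		}
	}
	return "", errOutside
}

// demo builds a constructed tree in a temp dir and returns the three verdicts.
func demo() (inside, sibling, viaLink error) {
	base, _ := os.MkdirTemp("", "pathcheck")
	defer os.RemoveAll(base)
	allowed, old := filepath.Join(base, "data"), filepath.Join(base, "data-old")
	os.MkdirAll(filepath.Join(allowed, "sub"), 0o755)
	os.Mkdir(old, 0o755)
	os.Symlink(old, filepath.Join(allowed, "link")) // leads out of the allowed root
	_, inside = checkPath(filepath.Join(allowed, "sub"), []string{allowed})
	_, sibling = checkPath(old, []string{allowed}) // shares the "data" name prefix
	_, viaLink = checkPath(filepath.Join(allowed, "link"), []string{allowed})
	return
}
func main() { fmt.Println(demo()) }
```

A raw string-prefix comparison would accept both the sibling and the symlinked path. The verdict holds only at the moment of the check, so the path can still change before it is used.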
func ValidatePathForCreation
ValidatePathForCreation validates a path for file/directory creation. It checks that the parent directory is within allowed directories.
func ValidatePathForCreationWithResolved
func ValidatePathForCreationWithResolved(path string, allowedDirs []string, resolvedAllowed []string) (string, error)
ValidatePathForCreationWithResolved validates a path for creation using pre-resolved allowed directories. This avoids redundant symlink resolution when the caller has already resolved them.
func ValidatePathWithResolved
func ValidatePathWithResolved(path string, allowedDirs []string, resolvedAllowed []string) (string, error)
ValidatePathWithResolved validates a path using pre-resolved allowed directories. This avoids redundant symlink resolution when the caller has already resolved them.
Types
This section is empty.